Mit dem Februar kommt ein neuer Patch-Dienstag mit 56 CVEs; darunter 11 als „kritisch“, 42 als „wichtig“ und drei als „mittel“ bewertete Patches. Auf der Liste der als „kritisch“ eingestuften Schwachstellen finden Sie Sicherheitslücken in .NET, verschiedenen Medien-Codecs, Windows DNS- und Fax-Diensten sowie zwei im Windows TCP/IP-Stack.

Die Liste der „wichtigen“ CVEs enthält Remote-Code-Execution(RCE)-Schwachstellen in MS Excel, Sharepoint und Visual Studio sowie Dutzende bei Privilege-Escalation- und Denial-of-Service-Sicherheitslücken. Insgesamt wurden sieben dieser Sicherheitslücken „in the wild“ als Zero-Day bei sehr gezielten Angriffen ausgenutzt. Dazu zählt auch eine RCE-Schwachstelle in .NET Core/Visual Studio. Dies macht diesen Patch-Zyklus wichtiger als je zuvor.

Patchen Sie so früh wie möglich und bleiben Sie sicher!

Kritisch

.NET Core and Visual Studio Remote Code Execution Vulnerability
CVE-2021-26701
Remote Code Execution

.NET Core for Linux Remote Code Execution Vulnerability
CVE-2021-24112
Remote Code Execution

Microsoft Windows Codecs Library Remote Code Execution Vulnerability
CVE-2021-24081
Remote Code Execution

Windows Camera Codec Pack Remote Code Execution Vulnerability
CVE-2021-24091
Remote Code Execution

Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-24078
Remote Code Execution

Windows Fax Service Remote Code Execution Vulnerability
CVE-2021-1722, CVE-2021-24077
Remote Code Execution

Windows Graphics Component Remote Code Execution Vulnerability
CVE-2021-24093
Remote Code Execution

Windows Local Spooler Remote Code Execution Vulnerability
CVE-2021-24088
Remote Code Execution

Windows TCP/IP Remote Code Execution Vulnerability
CVE-2021-24074, CVE-2021-24094
Remote Code Execution

Wichtig

.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2021-1721
Denial of Service

Azure IoT CLI extension Elevation of Privilege Vulnerability
CVE-2021-24087
Defense in Depth

Microsoft Dataverse Information Disclosure Vulnerability
CVE-2021-24101
Information Disclosure

Microsoft Defender Elevation of Privilege Vulnerability
CVE-2021-24092
Elevation of Privilege

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
CVE-2021-1724
Spoofing

Microsoft Edge for Android Information Disclosure Vulnerability
CVE-2021-24100
Information Disclosure

Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-24067, CVE-2021-24068, CVE-2021-24069, CVE-2021-24070
Remote Code Execution

Microsoft Exchange Server Spoofing Vulnerability
CVE-2021-1730, CVE-2021-24085
Spoofing

Microsoft SharePoint Information Disclosure Vulnerability
CVE-2021-24071
Information Disclosure

Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2021-24066, CVE-2021-24072
Remote Code Execution

Microsoft SharePoint Spoofing Vulnerability
CVE-2021-1726
Spoofing

Microsoft Teams iOS Information Disclosure Vulnerability
CVE-2021-24114
Information Disclosure

Microsoft Windows VMSwitch Information Disclosure Vulnerability
CVE-2021-24076
Information Disclosure

Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability
CVE-2021-24082
Security Feature Bypass

Package Managers Configurations Remote Code Execution Vulnerability
CVE-2021-24105
Remote Code Execution

PFX Encryption Security Feature Bypass Vulnerability
CVE-2021-1731
Security Feature Bypass

Skype for Business and Lync Denial of Service Vulnerability
CVE-2021-24099
Denial of Service

Skype for Business and Lync Spoofing Vulnerability
CVE-2021-24073
Spoofing

Sysinternals PsExec Elevation of Privilege Vulnerability
CVE-2021-1733
Elevation of Privilege

System Center Operations Manager Elevation of Privilege Vulnerability
CVE-2021-1728
Elevation of Privilege

Visual Studio Code npm-script Extension Remote Code Execution Vulnerability
CVE-2021-26700
Remote Code Execution

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-1639
Remote Code Execution

Windows Address Book Remote Code Execution Vulnerability
CVE-2021-24083
Remote Code Execution

Windows Backup Engine Information Disclosure Vulnerability
CVE-2021-24079
Information Disclosure

Windows Console Driver Denial of Service Vulnerability
CVE-2021-24098
Denial of Service

Windows DirectX Information Disclosure Vulnerability
CVE-2021-24106
Information Disclosure

Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-24102, CVE-2021-24103
Elevation of Privilege

Windows Installer Elevation of Privilege Vulnerability
CVE-2021-1727
Elevation of Privilege

Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-24096
Elevation of Privilege

Windows Mobile Device Management Information Disclosure Vulnerability
CVE-2021-24084
Information Disclosure

Windows Network File System Denial of Service Vulnerability
CVE-2021-24075
Denial of Service

Windows PKU2U Elevation of Privilege Vulnerability
CVE-2021-25195
Elevation of Privilege

Windows Remote Procedure Call Information Disclosure Vulnerability
CVE-2021-1734
Information Disclosure

Windows TCP/IP Denial of Service Vulnerability
CVE-2021-24086
Denial of Service

Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-1698, CVE-2021-1732
Elevation of Privilege

Mittel

.NET Framework Denial of Service Vulnerability
CVE-2021-24111
Denial of Service

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
CVE-2021-24109
Elevation of Privilege

Windows Trust Verification API Denial of Service Vulnerability
CVE-2021-24080
Denial of Service